The determinant of information security practices towards organizational performance in the banking sector evidence from Nigeria

The determinant of information security practices towards organizational performance in the banking sector evidence from Nigeria

This study examines the determinant factors of information security practices towards organizational performance among Nigerian banks. To achieve this, a framework that consists of technological, organizational, and environmental (TOE) factors is proposed using information security culture as a me...

Full description

Saved in:
Bibliographic Details
Main Author: Adebola, Babatunde Dorcas
Format: Thesis
Language:eng
eng
Published: 2014
Subjects:
HG Finance
Online Access:https://etd.uum.edu.my/4524/1/s92899.pdf
https://etd.uum.edu.my/4524/2/s92899_abstract.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
id my-uum-etd.4524
record_format uketd_dc
institution Universiti Utara Malaysia
collection UUM ETD
language eng
eng
advisor Selamat, Mohamad Hisyam
topic HG Finance
HG Finance
spellingShingle HG Finance
HG Finance
Adebola, Babatunde Dorcas
The determinant of information security practices towards organizational performance in the banking sector evidence from Nigeria
description This study examines the determinant factors of information security practices towards organizational performance among Nigerian banks. To achieve this, a framework that consists of technological, organizational, and environmental (TOE) factors is proposed using information security culture as a mediator of TOE factors. The framework identifies the factors influencing information security practices among Nigerian bankers. Findings using TOE will eventually lead to the improvement of organizational performance through the establishment of information security culture among Nigerian banks. Thus, the use of information security practices will assist in reducing human factors such as errors, failures, internal incidents and social engineering attacks. A questionnaire survey was designed to obtain data on information security culture, organizational performance, organizational, environmental and technological factors. Multiple regression was used to test for the relationship between organizational performance, information security culture, TOE factors and the reliability and validity of the data. The findings indicated that perceived technology advancement, information security policy and procedure, international security standard, information security awareness, perceived training programs, motivation of employee and perceived job roles and responsibilities significantly influence the organizational performance. The remaining variables have no statistically significant influence on organizational performance. Also, this study found that information security culture significantly mediates the relationship between organizational performance and TOE factors. Thus, the result of this study shows that the objectives of this study were achieved.
format Thesis
qualification_name Ph.D.
qualification_level Doctorate
author Adebola, Babatunde Dorcas
author_facet Adebola, Babatunde Dorcas
author_sort Adebola, Babatunde Dorcas
title The determinant of information security practices towards organizational performance in the banking sector evidence from Nigeria
title_short The determinant of information security practices towards organizational performance in the banking sector evidence from Nigeria
title_full The determinant of information security practices towards organizational performance in the banking sector evidence from Nigeria
title_fullStr The determinant of information security practices towards organizational performance in the banking sector evidence from Nigeria
title_full_unstemmed The determinant of information security practices towards organizational performance in the banking sector evidence from Nigeria
title_sort determinant of information security practices towards organizational performance in the banking sector evidence from nigeria
granting_institution Universiti Utara Malaysia
granting_department Othman Yeop Abdullah Graduate School of Business
publishDate 2014
url https://etd.uum.edu.my/4524/1/s92899.pdf
https://etd.uum.edu.my/4524/2/s92899_abstract.pdf
_version_ 1747827752510160896
spelling my-uum-etd.45242022-04-09T23:12:34Z The determinant of information security practices towards organizational performance in the banking sector evidence from Nigeria 2014 Adebola, Babatunde Dorcas Selamat, Mohamad Hisyam Othman Yeop Abdullah Graduate School of Business Othman Yeop Abdullah Graduate School of Business HG Finance QA75 Electronic computers. Computer science This study examines the determinant factors of information security practices towards organizational performance among Nigerian banks. To achieve this, a framework that consists of technological, organizational, and environmental (TOE) factors is proposed using information security culture as a mediator of TOE factors. The framework identifies the factors influencing information security practices among Nigerian bankers. Findings using TOE will eventually lead to the improvement of organizational performance through the establishment of information security culture among Nigerian banks. Thus, the use of information security practices will assist in reducing human factors such as errors, failures, internal incidents and social engineering attacks. A questionnaire survey was designed to obtain data on information security culture, organizational performance, organizational, environmental and technological factors. Multiple regression was used to test for the relationship between organizational performance, information security culture, TOE factors and the reliability and validity of the data. The findings indicated that perceived technology advancement, information security policy and procedure, international security standard, information security awareness, perceived training programs, motivation of employee and perceived job roles and responsibilities significantly influence the organizational performance. The remaining variables have no statistically significant influence on organizational performance. Also, this study found that information security culture significantly mediates the relationship between organizational performance and TOE factors. Thus, the result of this study shows that the objectives of this study were achieved. 2014 Thesis https://etd.uum.edu.my/4524/ https://etd.uum.edu.my/4524/1/s92899.pdf text eng public https://etd.uum.edu.my/4524/2/s92899_abstract.pdf text eng public Ph.D. doctoral Universiti Utara Malaysia Abu- Musa, A. (2003). The perceived threats to the security of computerized accounting information system. The Journal of American Academy of Business, 1(2), 9-20. Abu-Zineh, S. (2006) Success Factors of Information Security Management: A Comparative Analysis between Jordanian and Finnish Companies. Adeleye, B C, Annansingh, F and Nunes, M B. (2000). Risk management practices in IS outsourcing: An investigation into Commercial Banks in Nigeria. International Journal of Information Management, 24(2), 167-180. Aguinis, H. (1995). Statistical Power problems with Moderated Multiple Regression in Management Research. Journal of Management, 1995, Vol 21(6) pp. 1141-1158. Aggreliki Tsohou, Spiros Kokolakis, Maria Kenryda, and Evangelos Kiountouzis. (2008). Investigating information Security Awareness. 17, 207-208. Ajbaclv, A., Keramati & Razmi, J. (2007) Assessing the impact of IT on Firm Performance considering the role of interesting variables: Organizational Infrastructure & Business Processes re-engineering. Aiello, M. (2008) Social Engineering. InL. J.J. Janczewski & A.M Colarik (Eds) Cyber Warfare and Cyber Terroism (pp 191-198) Hersey, P.A: IGI Global. Aiken, L.S and West, S.G. (1991). Multiple regression: Testing and interpreting interactions. Newbury Park, London: Sage. Aiken, L. S; West, S.G. (1991). Multiple Regression: testing and Interpreting interactions Sage publications, The international Professional Publishers Newbury Park-London New Delhi. Akinsuyi. (2009). The drawing of information security legislations: What Nigerian Corporations can do to prepare. Lagos-Nigeria. Alabede, J.O., Ariffin, Z. Z, Idris, M. (2012). Tax service Quality and Compliance Behavior in Nigeria. Do tax Payers's Financial Condition and risk Preference play any Moderating role? European Journal of Economic Finance and Administrative Studies. 35, 90-108. Alex, R.P (2010). Criminology and Criminal Justice Research: Methods-Quantitative Research Methods, Threats to Validity, Qualitative Research Methods, Future of Research Methods in Criminology and Criminal Justice. Retrieved from http://law.jrank.org/pages/928/Criminology-Criminal-JusticeResearch. Al-Awadi, k. & Saidani, M. (2010). Justifying the need for data security. Management Plan. Information Management & Computer Security. Vol. 18(3) pp. 173-184. Allison, P. (1999). Multiple Regression. A primer. 1: Pine Forge Press. Alnatheer, M. & Nelson, K. (2009). Proposed Framework for Understanding Information Security Culture and Practices in the Saudi Context. Proceedings of the 7th Australian Information Security Management Conference, Perth, Western Australia. Alshawaf, A.H.,Ali, J.M.H & Hassan, M.H.(2005). A benchmarking framework for Information systems management issues in Kuwait. Benchmarking: An International Journal, Vol. 12(1), 30-44. Ashenden, D. (2008). Information security management: A human challenge? Information Security Technical Report, 13, 195-201. Anderson, R.J (2008) Security Engineering. A Quide to Building Dependable Distributed Systems (2nd Ed.) new York: Wiley. Andress, M. (2000) Manage people to protect data. Infoworld Vo1. 22(46). Appari, Ajit & M. Johnson, Eric (2010) Information security and privacy in healthcare: current state of research. Int. J. Internet and Enterprise Management, Vol. 6, No. 4. Armstrong, J. & Overton, T.S. (1977). Estimating non-response bias in mail surveys. Journal of Marketing Research, 4, pp.396-402. Armstrong, C. & Sambamurthy, V. (1999). Information Technology Assimilation in Firms: the influence of senior Leadership and IT infrastructures System Research 10(4), 304-327. Babatunde, D. A. & Selamat, M.H. (2012a). Investigating information security and its Influencing factors in Nigerian bank Industry: A conceptual model. International Journal of Social Science Economics and Arts. Vol. 2(2). Babatunde, D. A. & Selamat, M.H. (2012b). Determining Factors Influencing Information Security Management in the Nigerian banking and Insurance Sector: A Literature Review. Journal of Business and Economics, USA. Vol. 3(6), December, Babbie, E. R. (1990). Survey Research Methods, Wadsworth, Belmont Retrieved on 16th April, 2012 from www.cordaps.edu.pk/Download/ QuantitativeMethodandSurveys.doc. Badamas, M. A (2008). Critical issues in the management of information systems in Nigeria: An empirical study. International Journal of Business Information Systems, 3(1) 63-72. Baron, R. M. & Kenny, D. A. (1986). The Moderator-Mediator Variable Distinction in Social Psychological Research: Conceptual, Strategic and Statistical Consideration. Journal of Personality and Social Psychology. 51(6), 1173-1182. Barlett, J. E., Kortlik, J. W. & Higgings, C.C. (2001). Organizational research: Determining appropriate sample size in survey research. Journal of Information Technology, Learning and Performance, 19(1), 43-50. Bartlett, M. (1954). A note on multiplying Factor for Various Chi-Square approximations Journal of the Royal Statistical Society 16 (series B), 256-298. Beech, N. (2008). Research Methods [Lecture notes]. Leeds Metropolitan University. Bennett, J. A. (2000). Focus on Research Methods Mediator and Moderator Variables in Nursing Research: Conceptual and Statistical Differences. Besnard, D. & Arief, B. (2004) Computer Security Impaired by legitimate Users. Computer and Security pp 253-264. Bjorck, F. (2001). Security Scandinavian Style: Interpreting the Practice of Managing Information Security in Organizations. (Doctoral dissertation, Stockholm University and Royal Institute of Technology, 2001). Blackwell, E. (1958). Building 2 solid foundation for intranet security. Information Systems Management. Spring 15(2): 26-34. Boss, S. R., & Kirsch, L. J. "The Last Line of Defense: Motivating Employees to Follow Corporate Security Guidelines," in International Conference on Information Systems, Montreal, 2007, pp. 1-18. Briney, A. (2001). 2001 Survey Information. Information Security Magazine, October, 34-37. Brotby, K. (2009) Information Security Governance: A practical Development and Implementation Approach. John Wiley & Sons Vo1. 53, 220. Bruce, L. (2003). Information security-key issues and developments. Retrieved from www.pwcglobal.com/ jm/images/pdf/Information%2OSecurity%2ORisk.pdf. Bourque, L.H.,& Fielder, E.P.,(1994) how to conduct self-administered and mail survey London, SAGE Publications. British Standards Institute (1993), BS 7799: Code of Practice for Information Security Management (CoP), PD0003, British Standards Institute, UK. BS7799-1 (1998), Information Security Management-Part 1: Code of Practice for Information Security Management, British Standards Institute, London. BS7799-2 (1999), Information Security Management-Part 2: Specification for Information Security Management System, British Standards Institute, London. Bowden, J. (2000). Security policy: What it is and why the basic? DTI, The Business Managers guide to information security. Retrieved from http://www.dti.gov.uk/ 2000. Brawn, M., & Heywood, J. S. (2005). Performallce appraisal systems: Determinant and change British Journal of Industrial Relations, 43(4), 659-679. Bruno L.F. & Sousa, J.O. (2009). Organization Culture: How to measure it. Dom Cabral Foundation Nova Lima, Brazil. Brutis. (2006). National Population Commission. Nigeria. Brynjolfsson, E., Malone, T.W., Gurbaxi, V., and Kambali, A. (1994). Does information technology lead to smaller firms?. Management Science 40(12), 1628-1644. Bryman, A. & Crarner, D. (2001). Quantitative Data Analysis with SPSS Release 10 for Windows: A Guide for Social Scientists. East Essex: Routledge. Buono, A.F., Bowiditch, J.L & Lewis, L.W (1985) When Culture Collides: The anatomy of a merger. Human relations 38(5), 477-500. Coakes, S. J & Ong, C.(2011) Analysis without Anguish.SPSS version 18.0 for Windows. Caby, E. C., Pautke, R. W., and Redman, T. C. (1995). Strategies for improving data quality.Data Quality, 1(1), 4-12. Cameron, R. (1972). The banking and economic development: Some lessons of the history. New York: Oxford University Press. Cavana, R. Y,. Delahaye, B. L, & Sekaran, U. (2001). Applied business research: Qualitative and qualitative methods. Singapore: Markono Print Media Limited. Cameron, R. (1972). Banking and Economic Development: Some Lessons of History. New York: Oxford University Press. Chan, M., Woon, I. & Kankanhalli, A. (2005) perception of IS at the workplace: Linking, Information Security Climate to Complaint behavior, Journal of information Privacy and Security 1(3), 18-42. Chang, S.H. & Ho, C.H. (2006). Organizational factors to the effectiveness of implementing Information Security Management. Institute of Management & Data Science, Vol. 106 (30, 345-361. Chang, S. E., & Lin, C. (2007). Exploring organizational culture for information security management. Industrial Management and Data Systems, 107(3), 438-458. Chang, P.Y.K & Tam, K.Y. (1997). Factor adopting the open systems: An exploratory study. MIS Quarterly, 21(1), 1-21. Cohen, D. & Crabtree, B. (2006). Qualitative research guidelines project. Princeton NJ: Robert Wood Johnson Foundation. Retrieved from http://www.qualres.org/h. Cohen, J., Cohen, P; West S.G & Aiken, L.S. (2003). Applied Multiple Regression/Correlation For the Behavioural Science (3rd ed.) Lawrence Erlbaum Associates Publishers London. Cooper, D.R. & Schindler, P.S. (2003). Business research Methods (8th ed.) Boston: MA: McGraw-Hill. Connolly, P.J. (2002) Security start from within, Infoworld, Vol. 22 (28). Cormack, A. (2001). Do We Need a Security Culture? VINE, 31(2), 8-10. Cortina, J. M. (1993). What is coefficient Alpha? An Examination of Theory and Application Vo1. 78(1). Journal of Applied Psychology. Cramer, D. (2003). Advanced Quantitative Data Analysis. Open University Press: Maidenhead Philadelphia. Cronbach, L. J. (1951). Coefficient alpha and the internal structure of tests. Psychometrika, 16(3), pp. 297-334. Cronbach, L. J.& Richard J. S. (2004). My Current Thoughts on Coefficient Alpha and Successor Procedures. Educational and Psychological Measurement 64(3) pp. 391-418. Chen C.C., Medlin, B.D & Shaw, R.S. (2008) A Cross-sectional Investigation of Situational Information Security Awareness programs. Churchill, G. A., Jr., & Brown, T. J. (2004). Basic marketing research (5th ed.). Sydney: South-Western College. David, (2002). Policy enforcement in the workplace, Computers & Security Vol. 21(6), pp. 506-513. Deal, T. E. & Kennedy, A. A. (1982). Corporate Cultures. Addison-Wesley, MA. Devlin & Meyerson. (2001). Poor IT planning team organizational Structure especially in highly Complex Organization such as academic Institutions. De Guinea, A.O.; Kelley, H.; & Hunter, M.G. (2005). Information Systems Effectiveness in Small Business: Extending a Singaporean Model in Canada. Journal of Global Information Management, 13(3), 55-70. Deloitte (2007) 2007 Gobal Security Survey. The shifting Security Paradigm. Deloitte Touche Tohamatsu. DeLone, W. & McLean, E. (1992). Information system succecs: The quest for the dependent variable. Information Systems Research, 3(1), 60-95 Denscombe, M. (1998) The good research guide for small-scale social research projects. 1st Ed. Buckingham,Open University Press. Denscombe, M. (2003) The good research guide for small-scale social research projects. 4th Ed. Buckingham, Open University Press. Denscombe, M. (2010) The good research guide for small-scale social research projects. 2nd Ed. Buckingham,Open University Press. De Vaus, D. A. (1986) Survey in Social research (4 Ed.) London UCL Press Ltd, London. De Vaus, D. A. (2011) Research Design in Social Research. Sage Publication Ltd, London. Dhillon, G. & Torkzadeh, A. (2006). Value-focused assessment of information system security in organizations. Information Systems Journal, 16, 293-314. Dhillon, G. (2001). Violation of Safeguards by Trusted Personnel and Understanding Related Information Security Concerns. Computers & Security; Vol.20, No.2, pp. 165-172. Dhillon, G., & Backhose, J. (2001). Current directions in IS security research: towards socio organizational perspectives. Information Systems Journal, 11(2), 127-53. Dhillon, G., & Moores, S. (2001), Computer crimes: Theorizing about the enemy within. Computers & Security, 20(8), pp. 715-723. Dillman, D.A. (1978) Mail and telephone survey. The total design method. hew York: John Wiley & Sons. Dhillon, G. (2007). Principles of information systems security. NJ: John Wiley & Sons. Dinev,T. & Hu, Q. (2007) The centrality of awareness in the formation of user behavior intentions towards preventives technologies in the context of voluntary use. Journal of the AIS, 8(7), 386-408. Dojkovski, S., Lichtenstein, S., & Warren, M. J. (2001) Fostering Information Security Culture in Small and Medium Size Enterprises: An Interpretive Study in Australia. Dominguez, C.M.F. (2009). Risk reduction by implementing security awareness programs in Puerto Rico metro area companies. (Doctoral dissertation, Universidad del Turabo Gurabo, Puerto Rico, 2009). Retrieved from ProQuest Database (UMI 3412026). Dwived, Y.K, (2007). Consume adoption and usage of broadband. IRM Press. Dwived, Y.K., Choude, J., & Brinkman, W. P. (2006). Development of a survey instrument to examine consumer adoption of broadband. Industrial Management & Data Systems, 106(5), 700-718. Easterby-Smith M., Thorpe R. & Lowe A. (1991). Management research: An introduction. London: Sage Publications Limited. Ehikamenor, F.A, (2003) Information technology in Nigerian banks: The limits of Expectations. Information Technology for Development, 10, 13-24. Retrieved from http://itd.ist.unomaha.edu/Archives/44.pdf. Elbanna, S. & Chidi, J. (2007) Influence on Strategic Decision Effectiveness, Development and test of an Integrative Model. Strategic Management Journal 28, Elchangar, H., Bouladour, B., Makoudi, M. & Regragui, B. (2012) information Security, 4th Wave.journa1 of Theoretical Applied information Technology. Vol 43(1). Eloff, J. & Eloff, M. (2003). Information security management: A new paradigm. ACM, Proceedings of SAICSIT 2003, pp. 130-136. Eloff, M., M., & Solms, S., H. (2000). Information Security management: A Hierarchical Approach for various frameworks. Computer & Security, 19(3), 243-256. Elky, S. (2006). An introduction to information System Risks Management. SANS, Institute. Ernst & Young (2007) 10th Annual Global Information Security Survey. Achieving a Balance of Risk and Performance. Ernst and Young. Emeka, R.O. (2009). A critical evaluation of the role of the Central Bank of Nigeria in ensuring corporate governance in Nigerian banks post consolidation. Retrieved . fromhttp://ssrn.com /abstract=1509454 or htrp:lldx.doi.orgll0.2 139/ssm. 1509454. Emery, J., Crunqi,C. & Bors,P. (2003). Reliability and Validii? of Two Instruments. Designed to Assess the Walking and Bicycling Suitability of Sidewalks and Road .Val. 18(1). American Journal of Health Promotion. Esuh, O.L. (201 1). The Moderating Effect of Location and Culture on the Relationship between Individual Determinants, External Factors and Firm Characteristics on Entrepreneurial Performance.UUM Thesis, Kedah-Malaysia. Farahm, F., Shamkant, B. N., Gunter P.S. & Philip H.E. (2003). Managing vulnerabilities of information systems to security incidents. ACM, 2003. Fauzi, H., & Idris, M. (2009). The relationship of CSR and financial performance: New evidence from Indonesian companies. Issues in Social and Environmental Accounting, 3 (1), 66-87. Fauzi, H., (2010). Corporate social performance and financial performance of Indonesian Firms. (Unpublished doctoral thesis). Universiti Utara Malaysia. Ferguson, A. (2005) Fostering email security awareness: The West point Carronade. Edu Cause Quarterly 28 (1) 54-57. Fill, C & Visser, E (2000). The outsourcing dilemma: A composite approach to the make or buy decision. Management Decision, 38(1), 43-50. Finne Thomas. (1998). A conceptual Framework for information security management. Computer & Security Volume (Issue), 303-307. Flynn, N.L. (2001). The E-policy handbook: Designing and implementing effective email, internet and software policies. New York, NY: American Association. Foong, S.Y. (1999). Effect of End User Personal and Systems Attributes on Computer Based Information System Success in Malaysian SMEs. Journal of Small Business Management, 37(3), 81-87. Frazier, P.A, Barron, K.E & Tix, A. (2004). Testing Moderator and Moediator Effect on Counselling Psychology Research. Journal of Counselling Psychology 51(1), 115- 135. http:/dx.doi.org/l0.1037/0022-0167.1.115. Cried, L. (1994). Information Security and New Technology Potential Threats and Solutions. Information Systems Management, 11(3): 57-63. Friedman J.N., Goldman, R.D., Srivasta, R., & Parkin, P. (2004) Development of a Clinical Dehydration Scale for Use in Children Between 1 And 36 Month of Age. Garg, A., Curtis, J., & Halper, H. (2003). Quantifying the financial impact of information security breaches. Information Management and Computer Security, 11(2), 74-83. Gay, C. E., & Essinger, J. (2000). Inside Outsourcing: The Insider's Guide to Managing Strategic Sourcing. London: Nicholas Brealey Publishing. Gay, L.R.& Diehl, P. L. (1996). Research methods for business and management. (international ed.). Singapore; Prentice hall International Inc. Gebrasilase, T. & Lessa, L. (2011) Information security culture in public hospitals. The African Journal of Information Systems, Volume 3, Issue 3, 2011. Ghobadian, A. & Gallear, D. (1997). "TQM and organization size" International Journal of Operations & Production Management, Vol. 17(2), pp. 121-63. Glaser, F. & Pallas, B. (2007). Information security as organization internal control. Gragg, D. (2002) A multi-level defense against social engineering. White paper, SANA Institute. Grainger-Smith, N. & Oppenheim, C. (1994). The role of information systems and technology (IS/IT) in investment banks. Journal of Information Science, 20(5), 323-333. Gray, G.M & Ropeik, D. P (2002) Dealing with the danger of fears. The role of risk communication. Health Affairs 21, 106-116. Gonzalez, J. & Agata S. (2002). A framework for human factors in information security. Paper presented at The 2002 WSEAS, International Conference on Information Security, Rio de Janeiro. Gonzalez, R., Gasco, J. & Llopis J. (2009). Information systems outsourcing reasons in the largest Spanish Firms. International Journal of information management, 25(2), 117-136. Gonzalez, R., Gasco, J. & Llopis J. (2006). Information systems outsourcing: a literature analysis. Information and Management, 43(7), 821-834. Gonzalez, R.; Gasco, J & Llopis, J. (2010). "Information Systems 0utsourcing.Reasons and Risks: a new assessment. Industrial Management & Data System Vol. 110(1), pp. 284-303. Gonzalez, R.; Gasco, J & Llopis, J. (2005b) "Information Systems Outsourcing Risks: a Study of Large Firms", Industria1 Management & Data Systems, Vol. 105(1), pp. 45-62. Goodhue, D.L. & Straub, D. W. (199l) security concerns of system users: a study of Perception of the adequacy of security. Information & Management. Vol. 20(1), 13-27. Gupta, V.G, & Gupta, A. (2005). Outsourcing the IS function: Is it Necessary for your Organization?. Information systems management, 9(3), 44-50. Gupta, A. & Hammond, R. (2005) Information security issues and decision for small business. Information Management & computer security 13(4), 297-310. Gupta, A. & Hammond, R. (2007). Information security management: factors that influence its adoption in small and mid-sized businesses. Journal of information Security System and Technology Management, Vol. 4(30, 2007, pp. 375-397. Gibbs, J.L. & Kraemer, K. L., (2004). A Cross-country investigation of the determinants of the scope of e-commerce use: An institutional approach. Electronic Market 14(2), 124-137. Guildford, J. P. (1973). Foundamental Statistics in Psychology and Education, 5th edition Newyork: McGraw-Hill. Hair, J.F., Anderson, R.E., Tatham, R.L. & Black, W.C. (1998). Multivariate Data Analysis: A global perspective. (7th ed.). USA: Pearson Education Inc. Hair, J.F., Black, W.C., Babin, B. J & Anderson, R. (2003). Multivariate Data Analysis. (5th ed.). London: Prentice Hall. Hair, J.F., Black, W.C., Babin, B. J, Anderson, R. & & Tatham, R.L (2006). Multivariate Data Analysis. (5th ed.). London: Prentice Hall. Hair, J.F., Black, Mony, A. H., Samuel, P. & Page, M. (2007). Research methods for business. England: John Wiley & Sons limited. Hair, J.F., Black, W.C., Babin, B. J, Anderson, R. (2010). Multivariate Data Analysis. (7th ed.). Upper Saddle River, N.J: Pearson Prentice Hall. Hagen, J. M., Albrechtsen, E., & Hovden, J. (2008). Implementation and effectiveness of organizational information security measures. Information Management & Computer. Security, 16(4), 377-397. Hellriegel, D., Slocum, J. W. & Woodman, R. W. (1998). Organizational Behavior. 8th Ed: South-Western College Publishing. Hinde, S. (2002). Security survey spring crop. Computer & Security, 21(4), 310-321. http://ujdigispace.uj.ac.za:8080/dspace/handle/ l0210/292; viewed on Sept. 5, 2009. http://www.is2.Ise.ac.uk/asp/asp/aspecis/200700 41.pdf. (Accessed April 14, 2013). Hill, M.(1999). Technology investment in business banking. Journal of Lending and Credit Risk Management, 8l(6) 30-35. Hoffman, T., (1998). Winning weapon. Computerworld, 1998, 17-20. Holmbeck, G. N. (1997). Toward Terminological, Conceptual, and Statistical Clarity in the study of Mediators and Moderators: Examples From the Child-Clinical and Pediatric Psychology Literatures, Journal of Consulting and Clinical Psychology, 95(4), 599-610. Hinson, G. (2003). Human factor in information security. 2003, ISecT Ltd. Hone, K. & Eloff, J.H.P (2002). Information security policy what do international information security standards say?. Computers Security, 21(5), 402-409. Hong Kwo-shing, Yen-Ping Chi, Louis R. Chao & Jih-Hsing Tang (2003). An integrated System theory of Information Security Management. Information Management & Computer Security, 11(5), 243-248. Hoffer, J.A. & Straub, D.W. (1989). The 9 to 5 underground: are you policing computer crimes?, Sloan Management Review, Vol. 30 No. 4, pp. 35-43. Hong Kwo-shing, Yen-Ping Chi, Louis R. Chao & Jih-Hsing Tang (2003). An Integrated System theory of Information Security Management. Information & Management Computer Security, 11(5), 243-248. Hurt R.L (2008) Accounting Information System: Basic Concepts and Current Issues. Boston: McGraw-Hill, Inc. Hu, Q., Hart, P. & Cooke, D. (2006). The role of external influences in organizational Information security practices: An institutional perspective. Journal of Strategic Information System, 16(2), 153-172. Huang, D., Rau, P.P & Salvendy, G. (2007) Survey of Factors Influencing People's Perception of Information Security. INJ (Ed.) Human-Computer Interaction, Part Iv. Heidelberg: Springer. Iacaovou, C. L, Benbasat, I, & Dexter, A. S., (1995). Electronic data lnterchange and small organization adoption and impact of technology. MIS Quarterly, 19(4), 465-485. Igbaria, M.; Zinatelli, N.; Cragg, P. B., & Cavaye, A.L. (1997). Personal computing acceptance factors in small firms: A strucwal equation model. MIS Quarterly, 21(3), 279-305. Ighomwenghian, K., (2010). Daily Independence Newspaper, Lagos-Nigeria. Im, G., & Baskerville, R. (2005). A longitudinal study of information system threat categories: the enduring problem of human error. The Database for Advances in Information Systems, 36(4), 68-79. Ismail N.A (2008). Information technology governance, funding and structure: A case analysis of Public University in Malaysia. Information Reading Room. SANS Institute, 25(3), 145-160. Ismail, N.A. & King, M. (2006). The alignment of accounting and information systems in SMEs in Malaysia. Journal of Global Information Technology Management, 9(3), 24-42. Ismail, N.A. & King, M. (2007). Factors influencing the alignment of accounting information systems in small and medium sized Malaysian manufacturing firms. Journal of Information Systems and Small Business, 1(1/2), 1-19. Ismail, N.A. (2009). Factors influencing AIS effectiveness among SMEs: Evidence from Malaysia. The Electronic Journal of Information Systems in Developing Countries, 38: 10, 1-19. IS0 (2005) ISO/IEC 17799 Information Technology Security Technology-Code of Practice for ISM. Second Edition 2005-06-15. Reference ISO/IEC 17799-1: 2005 (E) Pg 1-115. IT News Africa, (2009) ATM Removal to banking Hall Premises. James, L. R. & Brett, J. M. (1984). Mediators, moderators, and tests for mediation, Journal of Applied Psychology, 69, 307-321.. Jarvenpaa, S.L. & Ives, B. (1991). Executive involvement and participation in Management Information Technology. MIS Quarterly, 15(2), 205-227. Juma'h, A., & Wood, W. (2000). Outsourcing implications on companies' profitability: A sample of UK companies. Work Study, 49(7), 265-274. Judd, C.M. & Kenny, D.A. (1981). Process analysis: Estimating mediation in treatment evaluations, Evaluation Review, 5 602-619. Kabay, M. E. (1996). The NCSA guide to enterprise security. New York, NY: McGraw Hill. Kabiru, J. R. (2012). A Framework of Business Process Re-engineering Factors and Organizational Performance of Nigerian Banks. Asian Social Science Journal, Vol 8, (4). Canadian center of science and Education. Kassarjian, H. H. (1977) Content analysis in Consumer Research. Journal of Consumer Research, 4, 8-10. Kankanhalli, A., Teo, H-H., Tan, B.C., & Wei, K-K. (2003). An integrative study of information systems security effectiveness. International Journal of Information Management, 23(2), 139-154. Kap-Willam, S. (2009) Employees- a Company's Greatest Asset. Retrieved from Business Management Suite 101 on 24 July, 2012. Karyda, M., Kiountouzis, E., & Kokolakis, S. (2005). "Information systems security policies: A contextual perspective. Computers & Security, 24,246-260. Karyda, M., kountouzis, E. & Kokolakis, S. (2004). Information system security policies contextual perspective. Computer & Science, Volume (Issue), 246-260. Kankanhalli Atreyi, Hock-hai Teo, Bernard C.Y. Tan, & Kwok-kee Wei. (2003). An integrative study of information systems security effectiveness. International Journal of Information Management, Volume(Issue), 139-154. Kaiser, H. (1974). An Index of factorial Simplicity Psychometrika 39(31-36). http:/dx.doi.org/l0.1007/BF02291575. Kenny, M.J. (2001). Security Management Standard-ISO. BT Technology Journal, 19(3), 132-136. Kaiser, H. (1974). An index of factorial simplicity", Psychometrika, Vol. (39), 31-6. Kearns, G.S. & Lederer, A.L. (2004). The impact of industry contextual factors on IT focus and the use of IT for competitive advantage. Information & Management Vol. 41(7), 899-919. Krause, M. & Tipton, H. F. 2002. Handbook of lnformation Security CRC Management Press LLC, ISBN: 0849399475. Kraemer, S. & Carayon, P. (2005). Computer and information security culture: findings from two studies. Proceedings of the 49th Annual Meeting of the Human Factor and Ergonomics Society. Orlando, Florida: Human Factors and Ergonomics Society. Retrieved from http://cis.engr.wisc.edu/docs/skhfes2005.pdf. Krejcie, R. V.& Morgan, D. V. (1970). Determining Sample Size for Research Activities Educational and Psychological Measurement 1970, 30, 607-610. Koacich, G. (1998). Establishing an information systems security organization (ISSO). Computer & Security, 17, 600-612. Knapp, J. K., Marshall, E. T., Kelly Rainer, R., & Nelson Ford, F. (2006). Information security management's effect on culture and policy. Information Management & Computer Security, 14(1), 24-36. Knapp, K.J., Marshall, T.E., Rainer, R.K. & Morrow, D.W. (2004). Top Ranked Information Security Issues. Paper presented at the 2004 International Information Systems Security Certification Consortium (ISC). Krause, M. & Tipton, H. F, (2002). Handbook of Information Security CRC Management Press LLc, ISBN: 0849399475. Kruger, H.A., & Kearney, W.D. (2006). A prototype for assessing information security Awareness Computers & security, 25, 289-296. Kuan, K.L.Y. & Chau, P.Y.K. (2001). A perception-based model for ED1 adoption on small business using a technology-organization- environment framework. Information and Management, 38(8), 507-512. Kwok, Lam-for & Dennis, L. (1999). Information Security Management and Modeling information. Management & Computer Security, Volume (Issue), 30-39. Lacity, M., Hirschheim, R. & Willcocks, L. (1994) "Realizing Outsourcing, Expectation, Credible Outcomes", Information Systems Management, Incredible Vol. 11(4), pp. 7-18. Lankford and Parsa (1999), Outsourcing A Primer, Management Decision, 3714, pp. 310: 316. Lau, Oliver. (1998). The ten commandments of security. Computer & Security, 17(Issue), 119-123. Lederer, A.L. & Gardner, V. (1992). The process of strategic information planning. Journal of Strategic Information system, 1 (2), 76-83. Leidner, D. & Kayworth, T. (2006). Review: A review of culture in information systems research: towards a theory of information technology culture conflict. MIS Quarterly, 30(2), 357-399. Lee, J., & Lee, Y. (2002). "A holistic model of computer abuse within organizations, Information Management & computer security (10:2/3), 2002, pp. 57-63. Lee, S. M., Lee, S. G., & Yoo, S. (2003) "An integrative model of computer abuse based on social control and general deterrence theories," Information & Management (41:6), 2003, pp. 707-718. Leidner, D.E. & Kayworth, T. (2006): Review: A review of culture in information systems Research: Toward a theory of information technology culture conflict, MIS Quarterly Vol. 30,(2) pp. 357-399. Liang, H., Saraf, H. Hu, Q. & Xue, Y. (2007). Assimilation of Enterprise Systems: The effect of Institutional Pressure and Mediating Role of Top Management. MIS Quarterly. 31(1), 51-87. Lippert, S. K. (2001). An exploratory study into the relevance of trust in the context of information systems technology. (Doctorial dissertation, The George Washington University, Washington, D.C., 2001). Lippert, S.K. & Govindarajulu, C. (2006). Technology-organization-environment antecedents to web services adoption. Communication of IIMA, 6(1), 146-158. Loh, L. & Venkatraman, N. (1992). Determinants of information technology outsourcing: a cross sectional analysis. Journal of Management Information Systems, 9(1), 7-24. Loh, L. (1994). An organizational-economic blueprint for information technology outsourcing: concepts and evidence. ICIS 1994 Proceedings, 73-89. Retrieved from http://aisel.aisnet.org/icis1994/7/. Martins, A. (2000). The influence of organizational culture on creativity and innovation in a University library. M.Inf. Dissertation. Pretoria: university of South Africa. Matins A. & Eloff, J. (2001) Social and Ethical Aspects of Information Security. Martins, O. & Odunfa, A. (2012) At the 50th Information Value Chain Forum in Lagos. Malhotra, N. K., Hall, J., Shaw, M., & Oppenheim, P. (2006). Marketing research: An Applied orientation (3rd ed.). Frenchs Forest: Prentice Hall. Matteson, M.T, Ivancevich, J.M & Smith, S.V. (1984). Relation of type of behavior to performance and satisfaction among sales personnel. Journal of Vocational Behaviour, 25, 203-214. Maslow, A.H. (1997). Motivation and Personality, Harper & Row, New York, NY. MacKinnon, D. P., Warsi, G., & Dwyer, J. H. (1995), A simulation study of mediated effect measures. Multivariate Behavioral Research, 30(1), 41-62. MacKinnon, D.P., Lockwood, C.M., Hoffman, J.M., West, S.G., & Sheet, V. (2002). A comparison of methods to test the significance of mediating Analysis. Annual Review of Psychology Methods, 7(1), pp 83-104. MacKinnon, D.P., Fairchild, A.J., & Fritz, M.S, (2007). Mediating Analysis Annual Review of Psychology, Vo1. 58. pp. 593-694. Milkovich, G.T., & Newman, J. M. (1999). Compensation. New York: Irwin/McGraw-Hill. Mitchell, R.C., Marcella, R. & Baxter, G. (1999). Corporate Information Security Management. New Library World, 100(1150), 213-227. Mitchell Ruth C., Rita Marcella & Craeme Baxter. (1999). Corporate Information Security Management, New Library World, 1999 pp 213-227. Mobley, W.H., Wang, L. & Fang, K. (2005). Organizational culture: Measuring and developing it in your organization. The LINK, Summer, 11-20. Mouratidis, H., Jahankhani, H., & Nkhoma, M. Z. (2008). Management versus security specialists: An empirical study on security related perceptions. Information Management & Computer Security, 16(2), 187-205. Muhammad, M.A. (2009). The Combine Effect of Market Orientation and Owner/Manager's Innovation and Business Performance of Small and medium Sized Manufacturing Firms in Pakistan Sintok, Kedah, Malaysia: PhD Thesis, UUM. Myllot, T, R. (1995). Computer outsourcing: Managing transfer of information systems. Eaglewood Cliffs, N.J: Prentice Hall. McIvor, R. (2000). A practical framework for understanding the outsourcing process supply chain management. An International Journal, 5(1), 22-36. McKelvie, S.J. (1978). Graphic rating scale- How many categories? British Journal of Psychology, 69, 185-502. Mckelvie, P. L. (1989). Accounting Systems: Past, Present and Future, The Accounting System Journal 1(1), 1-3. Meyers, L. Gamst, G. & Guarino, A., (20C4). Applied multivariate research: design and interpretation. London: SAGE Publication. Miller, H. (1996). The multiple dimensions of information quality. Information systems Management, 13(2), 79-83. Miskell, J.R & Miskell, V. (1994) Motivation at work, Irwin, Burr Ridge II. Muller, D.; Judd, C.M. & Yzerbyt, V. Y. (2005). When Moderation is Mediated and Mediation is Moderated. Journal of Personality and Social Psychology 2005, Vol. 89(6) pp. 852-863. Nakatani & Chang, (2005). Poor IT planning team organizational Structure especially in highly Complex Organization such as academic Institutions. Neil, J. (2009). Exploring Research. Seventh edition. New Jersey: Pearson Education International, Inc. Ngo, L., Zhou, W. & Warren, M. (2005) Understanding transition towards organizational culture change. Proceedings of the 3rd Australian Information Security Management Conference, Perth Australia. Nickels, W.G, McHugh, J.M & McHugh S.M (2002) Understanding Business 6th edition. Boston: McGraw-Hill, Inc. Nigerian Stock Exchange. (2010). Nigerian Stock Exchange. Retrieved e; 20/03/2011 from www.nigerianstockexchange.com/. Nigeria, Central Bank. (2001). Banking Supervision Annual Report. Nigerian Tribune, (2011) Case on ATM Fraud. Nigeria, Deposit Insurance Corporation. (2002). Annual Report and Statement of Accounts. Norusis, M. J. (1999). Guide to Data Analysis. New Jersey: Prentice Hal. Noradilah, M. N., N. M. Talib, M. A., & Yaacob, S.N. (2009). Personality, Loneliness and Mental Health Among Undergraduates at Malaysian Universities. EuroJournals Publishing, Inc. Vol. 36(2) pp. 258-298. http://www.eurojournals.com/ejsr.htm. Nosworthy, J. D. (2000). Implementing Information Security in the 21st Century- Do You Have the Balancing Factors? Computers & Security, 19, 337-347 Nunnally, J. (1978), Psychometric Theory, 2nd ed., McGraw-Hill, New York, NY. Odunfumwa, M.O. (2008) Impact of Information Technology on Banking Industry Information System Research 12(1). Ogunleye, G. A. (1999). A review of banking activities and its regulatory framework in Nigeria: The past, present and future. NDIC Quarterly, 9(4). Orchesky, C. (2003). Beyond technology- the human factor in business systems. Journal of Business Strategy, 24(4), 43-47. Owolabi, E.A. (2007). Corruption and financial crimes. Nigeria: Genesis. Pallant, J. (2007) SPSS Survival Manual: A step by step gside to data analysis using SPSS for Windows (Version 15) 3rd Edition. Australia: Allan & Unwin. Parker, D.B. (2002). Motivating the workforce to support security objectives: A long-Term view. Parker, D.B. (1984), "The Many Faces of Data Vulnerability," IEEE Spectrum, (May), pp. 46-49. Parsons, K. Mccormac, A., Butavicious, M. & Ferguson, L. (2010) Human Factors and Information Secuirty: Individual, Culture and Security Environment, Command, Control, Communication and Intelligence Division. DSTO Defense Science and Technology-Organization. Australia. Pfleeger, C. P. (1989). Security in computing. Englewood Cliffs, NJ: Prentice Hall. Peters, T. & Waterman, R. (1982). In Search of Excellence. Harper and Row, Sydney. Peltier, T.R. (2003). Preparing for ISO 17799. Security Management Practices. pp 21-28. Peltier, T. R. (2005). Implementing an information security awareness program. Security Management Practices, (May/June), 37-49. Pironti, J. P. (2005). Key elements of information security program. Information Systems Control Journal, 2005 vol. 1. Porter, M. & Millar, V. (1985). How information gives you competitive advantage. Harvard Business Review. July- August: 149-160. Qingxiong Ma, Johnston, A.C., & Pearson, J.M. (2008). Implementation security management objectives and practices: a parsimonious framework. Information Management & Computer Security, 16(3), 251-270. Qingxiong Ma, Schmidt, M.B., Herbengei, S.R. & Pearson, J. M. (2009). Data security issue. Information accessibility product. Review of business publisher: St John's University, College of business Administration. ISSN 00346454. Vol. 30(1). Ramayah, T. (2011). Developing and Testing Mediators and Mediators in Malaysia Research School of Management, Univeristi Sains Malaysia, Penang. Reyes Gonzalea, Jose Gasco, & Juan LLopis.(2009). Outsourcing and information 110(3), 325-350. Rahman, I. (2008). The Role of Information Technology on Banking Industry: Theory and Empirics, Nigeria Time Book Review, July 12 (2008). Peltier, T. R. 2003. Preparing for ISO 17799. Security Management Practices. pp 21-28. Porter, M. & Millar, V. 1985. How information gives you a competitive advantage. Harvard Business Review. July-August: 149-160. Ramayah, T. (2010). Developing and Testing Moderators and Mediators in Management Research. School of Management, Universiti Sains Malaysai, Minden, 11800, Penang. Richardson, R. (2008). CSI Computer Crime & Security Survey. Retrieved from http://i.cmpnet. com/v2.gocsi.com/pdf/CSIsurvey2008.pdf. Rotvold, Glenda (2008). How to create a Security Culture in Your Organization. Ruighaver, A.B., Maynard, S.B., Chang, S. (2007) Organizational security culture: Saint-German, R. (2005). Information Security Management Best Practice Based on ISO/IEC 17799. The Information Management Journal, Arma International. Vol. 39(4), 60-65. Samuel, Mark. (2002). Good securities policies should be second Nature Computing, (Elsevier Science Limited). Sanusi, L.S. (2010, February 26). The Nigerian banking industry: What went wrong and the way forward. Lecture delivered at the Convocation Square, Bayero University, Kano, Nigeria. Sanusi, L.S. (2011). Banks in Nigeria and National Economic Development: A Critical review. BIS Central Bankers' Speeches, 1-6. Retrieved from http://www.bis.org/review/rl10323 b.pdf. Santos, J.A.R. (1999). Cronbach's Alpha: A Tool for Assessing the Reliability of Scales Texas A&M University. Vol. 37(2), Extension Journal. Tools of the Trade2TOT3. Retrieved from www.joe.org/joe/l999april/tt3.php on the April 18th, 2012. Saunders M., Lewis P. & Thornhill A. (2007). Research Methods for Business Students. 5th Ed. Financial Times Prentice Hall. Scalet, S. D. (2005). Five Steps to an Effective Strategic Plan July, 2005 Vol. 4(8). www.csoonline.com. Schlinger, T. & Teufel, S. (2002). Information security culture: the socio-cultural dimension in information security management. In Ghonaimy, M.A., El-Haddi, M.T. and Asian, H.K. (eds). Security in the Information Society: Vison & Perspectives. USA: Kluwer Academic, 193-201. Schlienger, T. & Teufel, S. (2003) 'Information Security Culture- From Analysis to Change.' Proceedings of ISSA 2003, Johannesburg. South Africa, 9-11 July 2003. Schein, E. H. (1992): Organizational Culture and Leadership, 2d, San Francisco: Jossey Bass. Schumpeter, J. A. (1934). The Theory of Economic Development. Cambridge: Harvard University Press. Scott, J.E (2007) An e-Transformation Study Using the Technology-Organization Environment Framework. 20th Bled econference e Mergence: Merging and Emerging Technologies, Processes, and Institutions June 4-6, 2007; Bled, Slovenia. Senge, P. M. (1990). The Fifth Discipline: The Art and Practice of the Learning Organization. New York, USA: Doubleday Currency. Sekaran,U. (2001). Research Methods for Business: A skill-building approach. NYC: John Willey & Sons, INC. Sekaran,U. Bougie, R. (2010). Research Methods for Business 5th (ed): A skill-building Approach. NYC: John Willey & Sons, Publication INC. Selamat, M.H., Dwivedi, Y.K., Abd Wahab, M.S., Samsudin, M.A., Williams, M.D., and Lal, B. (2008) Factors Affecting Malaysian Accountants' Broadband Adoption and use Behavior. Paper presented at the 14th Americans Conference on Information Systems (AMCIS,2008), Toronto, Ontario. Shahri, I. & Rahim, A.B (2012) Security Effectiveness in Health Information System. Through Improving human factor by Education and Training. Australian Journal of Basic and Applied Science 6(12), 226-233. Sharma, R. & Yetton, P. (2006). The contingent Effects of Management Support and task Interdependence on Successful information Systems implementation. MIS Quarterly, 27(4), 533-555. Shadish, W. R. & Sweeney, R. B. (1991). Mediators and moderators in meta analysis: There's a reason we don't let dodo birds tell us which psychotherapies should have. Sheridan, J.C. & Clara, O. (2011). Analysis Without Anguish SPSS version 18.0 for Windows. Jon Wiley & sons Australia, Ltd. Siponen, M. (2000). A conceptual foundation for organizational information security awareness. Information Management and Computer Security, 8(1), pp. 31-41. Sindhuja Parakkattu, & Anand S. Kunnzthur. (2010). A framework for research in information security management. Silverman, D. (2001). Interpreting qualitative data; methods for analyzing talk, text and interaction. 2nd Ed. London, Sage Publication Ltd. Siponen, M.T., & Oinas-Kukkonen, H. (2007). A review of information security issues and respective research contributions. The Database for Advances in Information Systems, 38(1), 60-81. Siponen, M. T. (2005). Analysis of modem IS security development approaches: towards the next generation of social and adaptable ISS methods. Information and Organization, 15 (2005) 339-375. Somoye, R. (2008). The performance of commercial banks in post-consolidation period in Nigeria: An empirical review. European Journal of Economics, Finance and Administrative Science, Volume(l4), 62-72. Soludo, C. (2004, July 4). Consolidating the Nigerian banking industry to meet the development challenges of the 21st century. Presented at the meeting of the Bankers Committee, CBN Head Quarter, Abuja. Soludo, C. (2009, March 30). Banking in Nigeria at a time of global financial crisis. Presented at Special Interactive Session Eko. Hotel & Suites, Victoria Island, Lagos. Straub, D. W., & Nance, W. D.(1990) "Discovering and disciplining computer abuse in organizations: a field study," MIS Quarterly (14:1), 1990, pp. 45-60. Straub, D., Boudreau, M., & Gefen, D. (2004). Validation guidelines far positivist research communication. Association for Information Systems, 13(24), 380-427. Straub, D. W. & Welke, R. J. (1998). Coping with systems risk: security planning models for management decision making. MIS Quarterly 22(4): 441-469. Swanson, D. (2000). Secure Strategies. Retrieved at February 4, 2011 from http://infosecuritymag.techtarget.com/artcles/ octoberOO/features3.html. Tabachnick, B.G. & Fidell, L.S. (2001). Using multivariate statistics. (4th ed.). London: A Pearson Education Company. Tabachnick, B.G. & Fidell, L.S. (2007). Using Multivariate Statistics (5th ed.) (2) Pearson International Edition. Ta- Wei David Wong, Jackie Rees & Karthik Kannan. (2008). Reading the disclosure with new eyes: bridging the gap between information system disclosure and incidents. Tarimo, C. N., Bakari, J. K, Yngstrom, L., & Kowalski, S. (2006) A Social-Technical View of ICT Security Issues, Trends, and Challenges: Towards a Culture of ICT Security- The Case of Tanzania Available at: http://www.citaseerx.ist.psu.edu/ viewdoc/download?doi=10.1.1.145.2850.pdf. (Accessed April 15, 2013). Thong, J.Y.L., Yap, C.S., & Raman, K.S. (1994). Engagement of External Expertise in Information Systems Implementation, Journal of Management Information Systems, 11(2), 209-231. Thong, J.Y.L., Yap, C.S. & Raman, K.S. (1996). Top Management Support, External Expertise and Information Systems Implementation in Small Businesses. Information Systcm Research, 7(2), 248-267. Thong, J.Y.L. (1999). An Lntergrated Model of Information Systems Adoption in Small Business. Journal of Management information Systems 15(4), 187-214. Thomas, A. & Lindsay, D. (2003). Organizational culture at a South African food service company. South African Journal of Business Management, 34(4), 45-52. Tornatzky, L. G. & Fleischer, M. (1990). The process of technology innovation. Lexington: Lexington Books. Toval Ambrosia, Joaquin Nicolas, Begona Moros, & Fernando Garcia (2002). Requirement reuse for improving Information Systems Security: A practitioner's approach, requirements engineering. Uchendu, O. A. (1998) A Concentration in the Commercial Banking Industry in Nigeria. Economic and Financial Review, 40(3), Central Bank of Nigeria. Von Solms, R. (1999). Information security management: Why Standards are important Information Management & Computer Security. 7(1), pp. 50-57. Von Solms, R. (1996). Information security management: The second wave. Information Computer and Security, 15, 281-288. Von Solms, R. (1998a). Information security management: Why information security is so important. Information Management and Computer Security, pp. 174-177. Von Solms, R. (1998b). Information security management: Guidelines to the management of information technology security (GMITS). Information Management & Computer Security, pp. 221-223. Von Solms, R. (1998c) Information security management: The code of practice for information security Management (BS 7799). Information Management & Computer Security, pp. 224-225. Von Solms, R. (1999). Information security management: Why standards are important. Information Management & Computer Security, 50-57. Von Solms, B. & Von Solms, R. (2004). The 10 deadly sins of information security management. Computer & Security 23, 371-376. Von Solms, B. (2000). Information security- The third wave?. Computers and Security. 19(7), November: 615-620. Von Solms, B. (2000). Information security- The Fourth wave?. Computers and Security. 25 (165), 165- 168. Van Muijen, J.J, & Koopman, P. (1999). Organizational Culture: The Focus Questionnaire, European Journal of Word and Organizational Psychology, 8(4), 551-568. Wang, R. Y., & Strong, D.M. (1996). Beyond accuracy: what data quality means to data consumers. Journal of Management Information Systems, 24(4), 5-34. Wang, J.J, & Yang, D.L. {2007). Using a hybrid multi-criteria decision aid. Computers & Operations Research, 34(12), 3691-3700. Wang, H. J & Zhao, J.L. (2011) "Constraint-Center workforce change analytics" Decision Support Systems 13, 3. 562-575. Werlinger, R., Hawkey, K., & Beznosov, K. (2009). An integrated view of human, organizational and technological challenges of IT security management. Information Management & Computer Security, 17(1), 4-19. Williams, P. A. (2009) What Does Security Culture Look Like For Small Organizations? 7th Australian Information Security Management Conference, Perth, Western Australia. Williams, P. (2007). Executive and Board Roles in Information Security. Information Systems Control Journal, vol. 2007(8), pp. 11-14. Willison, R.(2006) "Understanding the Perpetration of Employee Computer Crime in the Organizational Context," Information and organization (16:4), 2006, pp. 304-324. Wilson, M. & Hash, J. (2003) National Institute of Standards and Technology. NIST Special Publication 800-50. Wood, C.C., (2008) The Importance of Defining and Documenting Information Security Roles and Responsibilities. Information Shield. Wright, C. (2004). Top Three Potential Risks with Outsourcing Information Systems. Information Systems Control Journal, 5, Wright, M. (1999). Third generation risk management practices. Computers & Security, (2), 9-12. Wright, M. A. (1994). Protecting information: effective security controls. Review of Business, 16(2): 4-9. Wright, M.A. (1998). The need for information security education. Computer Fraud & Security, (8), 14-17. Wulgaert, T. (2005). Security Awareness- Best Practices to Serve Your Enterprise: Rolling. Yam, J. (1998). The impact of technology on financial development in East Asia. Journal of International Affairs, 51(2), 539-555. Yin, R.K. (1989). Case Study Research: design and methods (Vol. 5) Newbury Park, CA, Sage Publication. Zakaria, O. (2013) Information Security Culture: A Human Firewall Approach, Lambert Publishing Germany. Zakaria, 0. (2004) Understanding Challenges of Information Security Culture: A Methodological Issues: in Proceedings of the 2nd Australia Information Security Management Conference Perth Australia. Zakaria, O. (2005) Information Security Culture and Leadership. 4th European Conference on Information Warfare and Security Cardiff, Wales. Zakaria, O. (2007). Investigating information security culture challenges in a public sector organization: a Malaysian case (Unpublished PhD Thesis). Zedeck, S. (1971). Problems with th e.i e of moderators variables.Psycho1ogy Bulletin 26(4) 295-310. Zhao, J. L. & Chang, H. K. (2005). Web services and process management: A union of convenience or a new area of research. Decision Support Systems, 40(1), 1-8. Zhu, K. & Kraemer, K.L. (2005). Post-adoption variations in usage and value of business by organizations cross-country evidence from the Retail Industry. Information Systems Research, 16(1), 61-84. Zhu, K., Kraemer, K.L., Xu, S. & Dedrick, J. (2004). Information technology payoff in e-business environment: An international perspective on value creation of e-business in the financial services industry. Journal of Management Information systems, 21(1), 17-56. Zhu, K., Kraemer, K.L., & Xu, S. (2003). E-Business adoption by European Firms across country assessment of the facilitators and inhibitors. European Journal of Information Systems 12(4), 251-268. Zikmund, W.G. (2003). Business Researcher Methods (7ed.), U.S.A.: Thomas South-Western, INC. Zikmund, W.G., Badin, B.J., Carr, J.C. & Griffin, M. (2010). Business Researcher Methods (Sed.), U.S.A.: Thomas South-Western, INC.

Similar Items